Research on a Dynamic Adaptive Intrusion Detection Model Based on Cluster Analysis
[Abstract]: As network infrastructure improves and network applications multiply, their convenience and efficiency lead people to study, live and work increasingly online, for example in enterprise management and electronic commerce. Large amounts of data must be stored and transmitted securely to ensure confidentiality, integrity and availability. The greater the dependence on network applications, the greater the loss when a network application system is damaged. Existing network application systems are open systems: this openness meets the need for information sharing, but it also gives hackers the opportunity to launch attacks. Hackers can exploit the various security vulnerabilities in complex interconnected networks and host systems to attack organizations and individuals to a certain extent. The existing network application security protection system cannot guarantee that the whole system is free of vulnerabilities, so intrusion detection systems play a very important role in network security and are a necessary supplement to network security protection. Existing research on intrusion detection is not sufficient; the research in this paper arises against this background and is therefore meaningful. The paper first introduces the concept and development of intrusion detection, the existing international intrusion detection standard recommendations and the technical means commonly used in intrusion detection, and classifies intrusion detection from different angles. It then introduces the data mining algorithms that can be applied to intrusion detection, analyzes their advantages and disadvantages, and analyzes the types and features of the intrusions found on networks.
Finally, the detection model proposed in this paper is described in detail, including the overall intrusion detection process, the selection of the intrusion detection attribute subset, the data preprocessing method and the clustering algorithm used for intrusion detection. The proposed detection model is then verified and analyzed experimentally. Existing research on clustering-based intrusion detection mostly improves detection by improving the clustering algorithm and does not make full use of known intrusion feature information, even though a great deal of feature information about known intrusion types is already available. Because these improved clustering algorithms assume that nothing is known about the features of the data under inspection, they often have high space and time complexity, which makes them unable to adapt to ever-higher network bandwidth and to detection environments with large volumes of data. Based on an analysis of intrusion features, this paper proposes an attribute set selection method for intrusion detection. It then designs a new intrusion detection model that uses the center vectors of the various types, computed from existing intrusion information, as the initial cluster centers of an improved K-Means algorithm. This effectively solves the problem that the initial cluster centers of K-Means are difficult to determine, which may lead to a local optimum, and keeps the algorithm concise. Because the center vectors of the known types represent the distribution of the inspected data well, the detection model converges better and can meet the increasing bandwidth requirements of existing networks.
When a new, unknown intrusion type is detected, the intrusion detection rule base should be updated promptly so that the detection model can dynamically adapt to the changing network intrusion environment. Experiments show that the detection model is effective: it can detect specific intrusion types and can effectively find new intrusion types that may appear.
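The seeding idea described in the abstract, sketched as an added example (not code from the thesis): K-Means is started from the center vectors of known traffic types, and the rule base is extended when a new type appears. The feature names, the sample values, the `new_radius` threshold for opening an "unknown" cluster and the dictionary-based rule base are assumptions; the abstract does not say how new types are recognised.

```python
import math

# Constructed, already-normalised samples: (conn_rate, error_rate) -> known type.
HISTORY = [([0.10, 0.05], "normal"), ([0.12, 0.07], "normal"), ([0.08, 0.06], "normal"),
           ([0.90, 0.95], "dos"), ([0.88, 0.90], "dos"), ([0.92, 0.97], "dos"),
           ([0.45, 0.60], "probe"), ([0.50, 0.62], "probe"), ([0.55, 0.58], "probe")]
# Constructed unlabelled traffic; the last two records match no known type.
TRAFFIC = [[0.11, 0.05], [0.09, 0.08], [0.91, 0.93], [0.87, 0.96],
           [0.48, 0.61], [0.15, 0.90], [0.13, 0.93]]

def centroid(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]

def class_centers(labelled):
    """Center vector of each known type, computed from labelled history."""
    groups = {}
    for features, label in labelled:
        groups.setdefault(label, []).append(features)
    return {label: centroid(rows) for label, rows in groups.items()}

def seeded_kmeans(points, seeds, new_radius=0.3, max_iter=20):
    """K-Means started from known class centers instead of random ones.
    Assumption: a point farther than new_radius from every center opens
    a cluster 'unknown-N' rather than being forced into a known type."""
    centers = dict(seeds)
    for p in points:
        if min(math.dist(p, c) for c in centers.values()) > new_radius:
            centers[f"unknown-{len(centers) - len(seeds) + 1}"] = list(p)
    assign = []
    for _ in range(max_iter):
        nearest = [min(centers, key=lambda k: math.dist(p, centers[k])) for p in points]
        if nearest == assign:          # converged: no record changed cluster
            break
        assign = nearest
        for name in centers:           # recompute each center from its members
            members = [p for p, a in zip(points, assign) if a == name]
            if members:
                centers[name] = centroid(members)
    return assign, centers

def update_rule_base(rule_base, centers):
    """Add centers of newly found types so later runs are seeded with them."""
    return {**rule_base, **{k: v for k, v in centers.items() if k not in rule_base}}

if __name__ == "__main__":
    rules = class_centers(HISTORY)
    labels, centers = seeded_kmeans(TRAFFIC, rules)
    print(labels)
    print(sorted(update_rule_base(rules, centers)))
```

Because the seeds already sit near the true cluster centers, the loop converges on the second pass for this sample, and a later run seeded with the updated rule base classifies the formerly unknown records without opening a new cluster.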
[Degree-granting institution]: Taiyuan University of Technology
[Degree level]: Master's
[Year degree awarded]: 2013
[Classification number]: TP311.13; TP393.08
Article ID: 2177691
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2177691.html